And that should be all. New files and directories will have owner same as creator, group will be the rwsamba and everybody could read everything. Of course, being an owner gives me access to change permissions, so "skilled" user can mess with them. This can be fixed by telling samba to override owner of new files and directories: